How to set up the network for leveraging an additional firewall

My children are starting to explore the internet. I asked myself how I can protect them. There are many technologies that can be leveraged, such as:

  • Firewall rules
  • DNS servers that deny name resolution for certain domains
  • Web Proxies

I wanted to have a look at the Sophos XG Firewall, which is offered as a free-of-charge version for personal use.

I will explain in this blog how to leverage the network facilities of the Turris Omnia router to transparently insert a firewall into the environment.

Network requirements

A minimal network setup at home will look like this:

A modem provides an official IP address to the WAN interface of the router. The router itself performs network address translation (NAT) to provide internet connectivity to all devices connected to the local private networks. A firewall inside the router separates the networks and contains the rules for port forwards and traffic rules.

If an additional firewall is to be integrated into this setup, you would normally have to place it between the router and the modem. For that setup you would have to add separate hardware.

As an alternative, you can change the packet flow for individual clients. One easy possibility is to integrate a firewall appliance that has its LAN interface in the private network the devices are attached to. For individual clients in the private network you can then define the LAN interface of the firewall as their gateway. This can be achieved using DHCP option 3 in the DHCP configuration for the client in question.
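As an added illustration (not taken from the original post), this is how a per-client DHCP option 3 override can look in `/etc/config/dhcp` on an OpenWrt-based router such as the Turris Omnia. The addresses, the MAC address and the names `via_fw` and `kids-tablet` are constructed placeholders: the router is assumed to be 192.168.1.1 and the LAN interface of the firewall appliance 192.168.1.2.

```uci
# /etc/config/dhcp (excerpt) -- constructed example values throughout

# Default pool: clients without a tag keep the router (192.168.1.1)
# as their gateway, because no option 3 override applies to them.
config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'

# Tag that carries the gateway override.
# DHCP option 3 = "Router": the default gateway handed to the client.
# 192.168.1.2 is the assumed LAN interface of the firewall appliance.
config tag 'via_fw'
	list dhcp_option '3,192.168.1.2'

# Static lease for one child's device. The tag attaches the override
# above to this client only; it is matched by MAC address.
config host
	option name 'kids-tablet'
	option mac 'AA:BB:CC:DD:EE:01'
	option ip '192.168.1.50'
	option tag 'via_fw'
```

The new gateway only takes effect once the client renews its lease. Because a DHCP option is advice to the client rather than enforcement, a device with a manually configured gateway still bypasses the firewall unless the router itself refuses to forward traffic from that client's address.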

In the following picture such a configuration is depicted: